Purpose of the Privacy Code
The Privacy Code is based on the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the "CSA Code"), which was published as a National Standard of Canada and which forms the basis for the new Personal Information Protection and Electronic Documents Act. We have attempted to apply the principles of the CSA Code specifically to the online environment.
Scope and Application
The Privacy Code is a voluntary code that represents a formal statement of principles and guidelines concerning the minimum protection that we will provide to customers regarding the protection of personal information. The Code applies to the management of personal information about a customer in any form whether oral, electronic or written that is collected, used or disclosed. The Code consists of ten principles that are closely related.
Because the following words have specific meanings, they have been defined at the beginning of the Code.
Click stream data - data derived from a customer's navigational choices expressed during the course of visiting a World Wide Web site or other online areas.
Collect - to gather or acquire record or obtain personal information, from any source, by any means.
Consent - voluntary agreement with the collection, use and disclosure of personal information. Consent can be express or implied, and provided directly by the customer or through an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference by the member seeking consent. We rely primarily on electronic or written consent given the uncertainties inherent in oral consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the customer.
Disclose - to make personal information available to a third party.
Personal information - information about a customer, but not aggregated information that cannot be associated with a specific customer. Personal information includes but is not limited to information such as a customer's name, postal and electronic addresses, age, gender, income, employment, credit information, billing records, and the like. Clickstream data is only considered personal information if it is linked to other personal information about a customer.
Third party - an individual or organization other than us.
Use - our own management of personal information.
Customer - an individual who uses, or applies to use, our products or services, or who corresponds with us.
The Ten Privacy Principles
Principle 1 - Accountability
Principle 2 - Identifying purposes of personal information
Principle 3 - Getting consent
Principle 4 - Limits for collecting personal information
Principle 5 - Limits for using, disclosing and keeping personal information
Principle 6 - Keeping personal information accurate
Principle 7 - Safeguarding personal information
Principle 8 - Making information about policies and procedures available to customers
Principle 9 - Customer access to personal information
Principle 10 - Handling complaints and question
1. Our accountability
We are accountable for all personal information in their control, including any personal information disclosed to third parties for processing. We will establish policies and procedures to comply with their own privacy codes, and will designate one or more persons to be accountable for compliance.
2. Identifying the purposes of personal information
We will identify the purposes of collecting personal information, before or when it is provided.
3. Getting the customer's consent
We will make a reasonable effort to make sure customers understand how the personal information will be used and disclosed by us. We will get consent from their customers before or when they collect, use or disclose personal information. They will not deceive a customer into giving consent.
A customer's consent can be expressed, implied, or given through an authorized representative. A customer can withdraw consent at any time, with certain exceptions.
We, however, may collect, use or disclose personal information without the customer's consent for legal, security or certain processing reasons.
4. Limits for collecting personal information
We will limit the amount and type of personal information we collect. We will collect personal information for the purposes we have already identified to the customer. We will collect personal information using procedures which are fair and lawful.
5. Limits for using, disclosing, and keeping personal information
We will use or disclose personal information only for the reasons it was collected, unless a customer gives consent to use or disclose it for another reason.
Under certain exception circumstances, we have a common law duty or right to disclose personal information to protect our or the public interest without customer consent.
We will keep personal information only as long as necessary for the identified purposes.
6. Keeping personal information accurate
We will keep personal information as accurate, complete, current and relevant as necessary for its identified purposes.
Customers may challenge the accuracy and completeness of their personal information and have it amended as appropriate.
7. Safeguarding personal information
We will protect personal information with safeguards appropriate to the sensitivity of the information.
8. Making information about policies and procedures available to customers
We will be open about the policies and procedures they use to manage personal information. Customers will have access to information about these policies and procedures. The information will be easy to understand.
9. Providing customer access to personal information
When customers request it, we will tell them what personal information we have, what it is being used for, and to whom it has been disclosed.
When customers request it, we will give them access to their personal information. In certain situations, however, we may not be able to give customers access to all their personal information. We will explain the reasons for this lack of access when customers ask.
10. Handling customers' complaints and questions
Customers may challenge our compliance with our own privacy code. We will have policies and procedures to receive, investigate and respond to customers' complaints and questions.